Issue 20940: Test 239: buffer overflow in sock_recvmsg_guts

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

This issue has been migrated to GitHub: https://github.com/python/cpython/issues/65139

classification

Title:	Test 239: buffer overflow in sock_recvmsg_guts
Type:		Stage:	resolved
Components:	Tests	Versions:	Python 3.5

process

Status:	closed	Resolution:	duplicate
Dependencies:		Superseder:	test_socket: buffer overflow in sock_recvmsg_guts View: 20937
Assigned To:		Nosy List:	Jeffrey.Walton, neologix
Priority:	normal	Keywords:

Created on 2014-03-15 20:46 by Jeffrey.Walton, last changed 2022-04-11 14:58 by admin. This issue is now closed.

Repositories containing patches
http://hg.python.org/cpython

Messages (2)
msg213683 - (view)	Author: Jeffrey Walton (Jeffrey.Walton) *	Date: 2014-03-15 20:46
Test 240 also suffers from a buffer overflow on sock_recvmsg_guts. Test 240 is the test that follows 239, and 239 is "[239/389/2] test_unittest". (I don't believe the message for 239 has flushed). ================================================================= ==29767==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6030000c0ce4 at pc 0x4aafea bp 0x7fff4c426010 sp 0x7fff4c425fc0 WRITE of size 24 at 0x6030000c0ce4 thread T0 #0 0x4aafe9 in write_msghdr /home/jwalton/Desktop/clang-3.4/llvm-3.4/projects/compiler-rt/lib/sanitizer_common/sanitizer_common_interceptors.inc:1395 #1 0x4aafe9 in __interceptor_recvmsg /home/jwalton/Desktop/clang-3.4/llvm-3.4/projects/compiler-rt/lib/sanitizer_common/sanitizer_common_interceptors.inc:1405 #2 0x2b955a764166 in sock_recvmsg_guts ./Modules/socketmodule.c:2968 #3 0x2b955a75f856 in sock_recvmsg ./Modules/socketmodule.c:3098 #4 0x6642ea in ext_do_call ./Python/ceval.c:4548 #5 0x6642ea in PyEval_EvalFrameEx ./Python/ceval.c:2869 #6 0x655aab in PyEval_EvalCodeEx ./Python/ceval.c:3578 #7 0x670ce5 in fast_function ./Python/ceval.c:4334 #8 0x65fbf8 in call_function ./Python/ceval.c:4252 #9 0x65fbf8 in PyEval_EvalFrameEx ./Python/ceval.c:2829 #10 0x655aab in PyEval_EvalCodeEx ./Python/ceval.c:3578 #11 0x670ce5 in fast_function ./Python/ceval.c:4334 #12 0x65fbf8 in call_function ./Python/ceval.c:4252 #13 0x65fbf8 in PyEval_EvalFrameEx ./Python/ceval.c:2829 #14 0x670baa in fast_function ./Python/ceval.c:4324 #15 0x65fbf8 in call_function ./Python/ceval.c:4252 #16 0x65fbf8 in PyEval_EvalFrameEx ./Python/ceval.c:2829 #17 0x655aab in PyEval_EvalCodeEx ./Python/ceval.c:3578 #18 0x84c1a7 in function_call ./Objects/funcobject.c:632 #19 0x4fd729 in PyObject_Call ./Objects/abstract.c:2067 #20 0x664306 in ext_do_call ./Python/ceval.c:4551 #21 0x664306 in PyEval_EvalFrameEx ./Python/ceval.c:2869 #22 0x655aab in PyEval_EvalCodeEx ./Python/ceval.c:3578 #23 0x84c1a7 in function_call ./Objects/funcobject.c:632 #24 0x4fd729 in PyObject_Call ./Objects/abstract.c:2067 #25 0x830dfc in method_call ./Objects/classobject.c:347 #26 0x4fd729 in PyObject_Call ./Objects/abstract.c:2067 #27 0x5ae13f in slot_tp_call ./Objects/typeobject.c:5809 #28 0x4fd729 in PyObject_Call ./Objects/abstract.c:2067 #29 0x6653d0 in do_call ./Python/ceval.c:4456 #30 0x6653d0 in call_function ./Python/ceval.c:4254 #31 0x6653d0 in PyEval_EvalFrameEx ./Python/ceval.c:2829 #32 0x655aab in PyEval_EvalCodeEx ./Python/ceval.c:3578 #33 0x84c1a7 in function_call ./Objects/funcobject.c:632 #34 0x4fd729 in PyObject_Call ./Objects/abstract.c:2067 #35 0x664306 in ext_do_call ./Python/ceval.c:4551 #36 0x664306 in PyEval_EvalFrameEx ./Python/ceval.c:2869 #37 0x655aab in PyEval_EvalCodeEx ./Python/ceval.c:3578 #38 0x84c1a7 in function_call ./Objects/funcobject.c:632 #39 0x4fd729 in PyObject_Call ./Objects/abstract.c:2067 #40 0x830dfc in method_call ./Objects/classobject.c:347 #41 0x4fd729 in PyObject_Call ./Objects/abstract.c:2067 #42 0x5ae13f in slot_tp_call ./Objects/typeobject.c:5809 #43 0x4fd729 in PyObject_Call ./Objects/abstract.c:2067 #44 0x6653d0 in do_call ./Python/ceval.c:4456 #45 0x6653d0 in call_function ./Python/ceval.c:4254 #46 0x6653d0 in PyEval_EvalFrameEx ./Python/ceval.c:2829 #47 0x655aab in PyEval_EvalCodeEx ./Python/ceval.c:3578 #48 0x84c1a7 in function_call ./Objects/funcobject.c:632 #49 0x4fd729 in PyObject_Call ./Objects/abstract.c:2067 #50 0x664306 in ext_do_call ./Python/ceval.c:4551 #51 0x664306 in PyEval_EvalFrameEx ./Python/ceval.c:2869 #52 0x655aab in PyEval_EvalCodeEx ./Python/ceval.c:3578 #53 0x84c1a7 in function_call ./Objects/funcobject.c:632 [Missing remainder of trace]
msg213726 - (view)	Author: Charles-François Natali (neologix) *	Date: 2014-03-16 14:37
It might be a different test triggering the buffer overflow, but the underlying cause is the same as #20937.

History
Date	User	Action	Args
2022-04-11 14:58:00	admin	set	github: 65139
2014-03-16 14:37:07	neologix	set	status: open -> closed superseder: test_socket: buffer overflow in sock_recvmsg_guts nosy: + neologix messages: + msg213726 resolution: duplicate stage: resolved
2014-03-15 20:46:44	Jeffrey.Walton	create